Krebs on Security

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

According to an analysis of Starkiller by the security firm Abnormal AI, the service lets customers select a brand to impersonate (e.g., Apple, Facebook, Google, Microsoft et. al.) and generates a ...

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.

Proof of life: How CAPTCHA changed the internet

See how we created a form of invisible surveillance, who gets left out at the gate, and how we’re inadvertently teaching the machine to see, think like us.